Robert Leonard Information Security Manager Hamilton

Presentation transcript:

IT Annual Training-2016. Information Security – Creating Awareness, Educating Staff, and Protecting Information. Robert Leonard, Information Security Manager, Hamilton.

Understanding Threats: What is valuable? Trade secrets, CPNI, personally identifiable data. What is vulnerable? Desk Work Area. What can we do to safeguard and mitigate threats? What can we do to prepare ourselves? Education, annual testing. Most believe they will win the lottery before getting hit by malicious code.

Keep Sensitive Data Private: Protecting information like CPNI, driver's license number, insurance numbers, passwords and PINs, banking information, and trade secrets.

Passwords: Select a good one: at least 7 characters; mixture of upper and lowercase characters; mixture of alpha and numeric characters; do not use dictionary words. Keep passwords safe. Change them often. Don’t share or reuse passwords.

Email & Chat Services: Email and chat are sent in clear text over the Internet. Data can easily be captured and read by savvy computer users and systems administrators. Do not use these programs for sending/receiving sensitive information. Thought: What are some other possible ways we can accomplish this?

Enhance Our Work Area Security: Secure workstations. Lock our systems (Windows+L). Shut down. Double-check that our virus scanning software is up to date. Password-protect files. Apply software patches. What else can we do to secure the work area?

Incident Response: Do you know what to do and who to contact if a security breach occurs? Report immediately to your Business Line Manager or Information Security Manager (Rob Leonard). Write down all pertinent information about the breach so you don’t forget details.

What is Social Engineering? Social engineering is the psychological manipulation of people for the purpose of gathering information, fraud, or system access.

5 Types of Social Engineering: Pretexting, Phishing, Baiting, Quid Pro Quo, Tailgating.

Pretexting: Creating an invented scenario to manipulate a person into divulging information or performing an action. Example – You get a call from someone claiming to be from your bank. They say that there have been some suspicious purchases from your account. To correct the problem, they ask for your account information. The attacker then uses this information to access your bank account.

Phishing: Attempting to acquire sensitive information by masquerading as a trustworthy source in an email. Example – An attacker sends you an email stating that your PayPal account has had too many failed logons and requires you to change your password. A link in the email leads to a web page that looks like the PayPal webpage. Once you enter your logon information, they have your username and password to access your account.

Quid Pro Quo: A hacker offers a service or benefit in exchange for information or access. Example – An attacker pretends to be from an IT service and offers assistance to each victim. They promise a quick fix if the person would disable their anti-virus program. They then install a piece of malware on the computer that assumes the appearance of software updates.

Baiting: An attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. Example – A flash drive labeled "2016 Financials" may be placed on the ground. A user then picks up the drive and plugs it into their computer. Malware on the drive then infects the computer.

Tailgating: Someone who lacks the proper authentication follows an employee into a restricted area. Example – A person posing as a delivery driver asks an employee to hold the door, thereby gaining access to the facility.

How to Prevent Social Engineering Attacks: Never provide confidential information or credentials to unknown sources. If you receive an email with a link to an unknown site, avoid the instinct to click it. If you are unsure whether an email is legitimate, try contacting the company directly or contact your IT staff. Always be wary of USB drives and disks you find lying around. Don’t hold a door open for someone in a secure building. Always require them to use the hand scanners for access.

Thank You!!! If you have any questions, feel free to contact your Business Line Manager or Hamilton's Information Security Manager (ISM) at Ext. 7223. REMEMBER to take the test on the Intranet site to satisfy your responsibility to have Annual Security Training.